The *lego-nginx* role automates obtaining certificates for *nginx* via ACME using `lego`. It generates a shell script with the appropriate arguments for `lego run`, runs it once to obtain a certificate initially, then schedules it to run periodically via a systemd timer unit. Using `lego`'s "hook" capability, the script signals the `nginx` server process to reload. This uses `doas` for now, but could be adapted easily to use `sudo`, if the need ever arises.
The systemd service unit that the timer triggers:

```ini
[Unit]
Description=Renew certificates with LEGO
Wants=network-online.target
After=network-online.target
After=httpd.service nginx.service

[Service]
Type=oneshot
User=lego
ExecStart=/bin/sh /var/lib/lego/renew.sh
```
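An added example (not the role's own template) of a `renew.sh` of the kind this unit executes, showing the least-privilege split the description relies on: `lego` runs as the unprivileged `lego` user and only the nginx reload goes through `doas`. The paths, e-mail, domains, webroot and the `doas.conf` rule in the comments are assumptions.

```shell
#!/bin/sh
# Example renew.sh of the kind the lego-nginx role would generate (added example,
# not the role's own template). It runs as the unprivileged `lego` user; the only
# privileged action is the nginx reload, delegated through doas with a rule like:
#   permit nopass lego as root cmd nginx args -s reload
set -eu

LEGO_BIN="${LEGO_BIN:-/usr/bin/lego}"
LEGO_PATH="${LEGO_PATH:-/var/lib/lego}"          # ACME account and certificates
ACME_EMAIL="${ACME_EMAIL:-admin@example.org}"     # placeholder
DOMAINS="${DOMAINS:-example.org www.example.org}" # placeholder, space separated
WEBROOT="${WEBROOT:-/var/www/acme}"               # nginx serves /.well-known/acme-challenge from here
RELOAD_HOOK="doas -n nginx -s reload"             # -n: never prompt, fail instead

# `run` for the first issuance (no certificate on disk yet), `renew` afterwards.
# lego names the certificate files after the first domain given.
lego_subcommand() {
    first=${DOMAINS%% *}
    if [ -f "$LEGO_PATH/certificates/$first.crt" ]; then echo renew; else echo run; fi
}

# Global lego flags, one per line so callers can read them into "$@" safely.
lego_global_args() {
    printf '%s\n' --path "$LEGO_PATH" --email "$ACME_EMAIL" --accept-tos --http --http.webroot "$WEBROOT"
    for d in $DOMAINS; do printf '%s\n' --domains "$d"; done
}

# Subcommand-specific flags: renew only replaces certs within 30 days of expiry
# and fires --renew-hook; run fires --run-hook once the initial issuance succeeds.
lego_sub_args() {
    case "$(lego_subcommand)" in
        renew) printf '%s\n' renew --days 30 --renew-hook "$RELOAD_HOOK" ;;
        run)   printf '%s\n' run --run-hook "$RELOAD_HOOK" ;;
    esac
}

# Full command line as one printable string (for logging or a dry run).
lego_cmdline() {
    { printf '%s\n' "$LEGO_BIN"; lego_global_args; lego_sub_args; } | paste -sd ' ' -
}

# Execute only when invoked with "exec", so the script can be sourced or
# inspected without contacting the ACME server.
if [ "${1:-}" = exec ]; then
    set --
    while IFS= read -r arg; do set -- "$@" "$arg"; done <<EOF
$(lego_global_args; lego_sub_args)
EOF
    exec "$LEGO_BIN" "$@"
fi
```

The unit above would then call it as `ExecStart=/bin/sh /var/lib/lego/renew.sh exec`; because the hook runs with `-n`, a missing or over-broad `doas` rule fails loudly in the journal instead of hanging the oneshot.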